The growing sophistication and rapid proliferation of malicious software, also known as malware, presents an ever-increasing security threat to personal computers, enterprise computer networks, personal communication devices and the like. Malicious software typically spreads through file transfer over computer networks, such as the Internet, e-mail or other data communication means. To combat the spread of malware, a great variety of computer and network security products, such as anti-virus, anti-spyware, anti-phishing, anti-spam and firewall applications, are developed by different security software vendors.
These security applications use different methods for detection of malware and other threats. For example, signature detection techniques use code templates obtained from known malware and scan objects for those templates in their code. Technologies that check information integrity take the code of known trusted (clean) programs and use it to create a copy of clean program code for subsequent comparison with applications. Information integrity checking systems create long lists of modified files after operating system updates. Checksum monitoring systems use cyclic redundancy code (CRC) values to determine the integrity and authenticity of program files. Emulation techniques execute suspicious programs in a virtual computer environment to detect malicious behavior.
Since various security applications are developed by different vendors, use different malware detection techniques, and have different data communication and data storage formats, these applications are generally incompatible with each other. In addition, each application maintains its own database of malware, which is periodically updated by the vendor with information about new malware and other threats. Due to their incompatibilities, these security products do not share information about detected malware with each other. For example, when a new type of malware or threat is encountered but not detected by one security application, while another security application has recognized this type of malware, sharing information about the new threat would help prevent the spread of malware. Accordingly, there is a need for an improved system for detection and management of malware-related information and distribution thereof among different security applications.